New Brunswick

UNB issues warning after faculty emails compromised in massive data dump

The University of New Brunswick is telling faculty and staff to be on the alert after some email addresses were detected in a massive data dump published online earlier this month.

'Collection #1' breach saw millions of email addresses and passwords posted online this month

Fraud Prevention Month takes place every year in March with the goal of protecting Canadians from scams.
Collection #1 includes millions of email addresses and passwords and was posted to a cloud service last week. (CBC)

The University of New Brunswick is telling faculty and staff to be on the alert after some email addresses were detected in a massive data dump published online earlier this month.

The "Collection #1" breach includes millions of email addresses and passwords. It's believed to be an aggregate of data breaches from thousands of sources, collected over the years and posted to a cloud service last week.

Erik Denis, senior cybersecurity officer at UNB, said only 40 per cent of the 4,500 UNB email addresses detected in the collection are active.

"It's good for us to let people know to be safe because once you're compromised in some fashion, it gives the impression to the hacker that all these people may be more susceptible or less aware of what's going on out there," he said. "So they sometimes become more of a target."

Denis said 4,500 UNB email addresses were detected in the breach, but only 40 per cent are active. (Submitted)

What to do?

Denis said once an email address has been exposed, there's no way to erase it. However, people can always be more cybersecure in their everyday life.

One of the biggest "don'ts" in the business is using the same password for different accounts.

"If a hacker hacked into one of your accounts and has the password, you have to assume that all your other accounts are compromised as well," Denis said.

Turning on two-factor authentication is important, because it adds one extra step to your sign-in process and makes it more difficult to hack.

"If you have two-factor authentication there is another step … and sometimes that's even harder to find than the password itself," said Denis.

Getting a password manager can be helpful, as it allows people to create and maintain multiple, difficult passwords without having to remember them all.

"It kind of makes the user experience much more complicated but unfortunately that's the world we have to live in right now," Denis said.

Deleting accounts you don't use anymore, like that Hotmail email that you haven't signed on to in five years, can help minimize your "cyber circle," Denis said.

He said if people are more secure online, they'll be less frightened by stories about large breaches.

"It'll take some work on the front end … but in the long run it's much easier to manage and you can read the news with more of an open mind or a better perspective," he said.